|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
EasyCMS vulnerable to XSS injection.
preben
watchcom.no
Date: Sun Jan 29 2006 - 14:42:40 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The Norwegian web-publishing system EasyCMS (www.easycms.no) contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS.
It does not filter script tags and simple scripting like <script>alert(‘XSS’)</script> will work. Nearly all of the systems input boxes is open for scripting tags.
Furthermore it’s open for directory browsing ( http://<site>/images ).
The developers has been notified, and working on patching the system.
Please credit to: Preben Nyløkken
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]